A System-level Behavioral Detection Framework for Compromised CPS Devices: Smart-Grid Case

Cyber-Physical Systems (CPS) play a significant role in our critical infrastructure networks from power-distribution to utility networks. The emerging smart-grid concept is a compelling critical CPS infrastructure that relies on two-way communications between smart devices to increase efficiency, en...

Bibliographic details
Published in: ACM transactions on cyber-physical systems 2020-04, Vol.4 (2), p.1-28
Main authors: Babun, Leonardo, Aksu, Hidayet, Uluagac, A. Selcuk
Format: Article
Language: eng
Online access: Full text
container_end_page 28
container_issue 2
container_start_page 1
container_title ACM transactions on cyber-physical systems
container_volume 4
creator Babun, Leonardo
Aksu, Hidayet
Uluagac, A. Selcuk
description Cyber-Physical Systems (CPS) play a significant role in our critical infrastructure networks from power-distribution to utility networks. The emerging smart-grid concept is a compelling critical CPS infrastructure that relies on two-way communications between smart devices to increase efficiency, enhance reliability, and reduce costs. However, compromised devices in the smart grid pose several security challenges. Consequences of propagating fake data or stealing sensitive smart grid information via compromised devices are costly. Hence, early behavioral detection of compromised devices is critical for protecting the smart grid’s components and data. To address these concerns, in this article, we introduce a novel and configurable system-level framework to identify compromised smart grid devices. The framework combines system and function call tracing techniques with signal processing and statistical analysis to detect compromised devices based on their behavioral characteristics. We measure the efficacy of our framework with a realistic smart grid substation testbed that includes both resource-limited and resource-rich devices. In total, using our framework, we analyze six different types of compromised device scenarios with different resources and attack payloads. To the best of our knowledge, the proposed framework is the first in detecting compromised CPS smart grid devices with system and function-level call tracing techniques. The experimental results reveal an excellent rate for the detection of compromised devices. Specifically, performance metrics include accuracy values between 95% and 99% for the different attack scenarios. Finally, the performance analysis demonstrates that the use of the proposed framework has minimal overhead on the smart grid devices’ computing resources.
doi_str_mv 10.1145/3355300
format Article
fulltext fulltext
identifier ISSN: 2378-962X
ispartof ACM transactions on cyber-physical systems, 2020-04, Vol.4 (2), p.1-28
issn 2378-962X
2378-9638
language eng
recordid cdi_crossref_primary_10_1145_3355300
source ACM Digital Library Complete
title A System-level Behavioral Detection Framework for Compromised CPS Devices: Smart-Grid Case
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-21T10%3A11%3A19IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-crossref&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20System-level%20Behavioral%20Detection%20Framework%20for%20Compromised%20CPS%20Devices:%20Smart-Grid%20Case&rft.jtitle=ACM%20transactions%20on%20cyber-physical%20systems&rft.au=Babun,%20Leonardo&rft.date=2020-04-30&rft.volume=4&rft.issue=2&rft.spage=1&rft.epage=28&rft.pages=1-28&rft.issn=2378-962X&rft.eissn=2378-9638&rft_id=info:doi/10.1145/3355300&rft_dat=%3Ccrossref%3E10_1145_3355300%3C/crossref%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true